Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Hacking Boot camps!

from [Barrie Dempster] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Hacking Boot camps!
Date: Wed, 23 Nov 2005 09:19:23 +0000 
On Tue, 2005-11-22 at 23:57 -0500, Valdis.Kletnieks@vt.edu wrote:

Keep in mind that 98% of systems are nailed by either automated worms or
people running canned stuff.  Just because it's not "real hacking" doesn't
mean it doesn't actually work in practice.



Quite right, the majority of security incidents dealt with by
administrators (the guys that have a use for these courses) are the
automated/canned/known attacks, so for people in that position an
understanding of these attacks is extremely important for their own
network defense. These courses usually market themselves to the guy
looking to understand how systems are compromised. They are most useful
for pen-testers that rely on vulnerability scanners and the sysadmin
looking after his network.

For the guys writing the exploit code and figuring out to work around
things like ProPolice and DEP these courses won't help - no matter how
in depth they are, because figuring these sort of details out doesn't
require any knowledge you can be taught in a classroom, it requires
dedication and in most cases addiction to the task.

There definitely is a market and a value in these courses as they raise
the general security awareness of network administrators. A common
question among guys working in these sort of roles is "How do I get to
do that cool security stuff", the sad thing is the fact that they don't
already know the answer means they probably will never be any good, as
the most important part of it is ingenuity and initiative as well as the
dedication/addiction mentioned above.

The common mantra used within this sort of training is "think like an
attacker". My opinion is if you have to be taught that, you can never
think like an attacker, because the attacker doesn't have to focus his
thoughts he is always, automatically, looking for a way
around/over/under/through. The guy trying to think like an attacker is
focusing on his adversary when the real focus should be his systems,
because that's where the attackers focus is.


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] SmartCards programming..., khaalel
Next by Date:  Re: [Full-disclosure] SmartCards programming..., deepquest
Previous by Thread:  Re: [Full-disclosure] Hacking Boot camps!, Valdis . Kletnieks
Next by Thread:  Re: [Full-disclosure] Hacking Boot camps!, pagvac
Indexes:  [Date] [Thread] [Top] [All Lists]